#090: Cybersecurity Series – Cyber Threat Actors
In this podcast, Eric, Michael, and I discuss Cyber Threat Actors…who they are, their motivations, and how to protect yourself from their attacks.
Preface: To put a bow on our threat series, we are going to discuss threat actors. The term threat actor is often used interchangeably with attacker, adversary, and, probably most commonly in popular culture, hacker. The term hacker is quite vague and is often attributed only to those who intend to do harm, but in reality the word means someone who tries to creatively overcome challenges to achieve an outcome. You’ll notice that most security literature refers to individuals or groups with nefarious intent as attackers, adversaries, or threat actors/groups.
Types of TAs
- Hacktivists – A TA that opposes the victim’s ideology. The victim is often a government or business. “Anonymous” is probably the most well-known example of a hacktivist group.
- Insiders – A dangerous form of TA since organizations so often focus on protecting their organization from dangers on the outside. An insider threat can be an employee who is incentivized by outside groups to steal data or cause damage to their employer. They can also be a disgruntled employee.
- Cyber terrorists – These TAs typically focus on critical infrastructure, government-run entities, and businesses. In targeting these victims, cyber terrorists look to cause a broad impact with their attack.
- Script Kiddies – These TAs are almost always unskilled individuals who rely upon pre-built tools or malware that are openly available on the internet.
- Nation-States – These TAs are state-sponsored. They have the backing of a country’s government, meaning that their resources outmatch those of other TAs. They are highly skilled, persistent, and often the most difficult to detect and stop because of their resources and skills.
- User Error – A commonly ignored, but present threat is that of an internal user unintentionally causing damage to an organization.
Motivations – There are a variety of motivations depending upon the TA.
- Hacktivists – These TAs are typically not financially motivated and are more interested in disrupting operations of the government or business.
- Insiders – Financial motivation or some form of vengeance could be a factor for these TAs.
- Cyber terrorists – These TAs seek to cause economic or physical harm to their victims.
- Script Kiddies – Motivation = Thrills
- Nation-States – There are a couple of possible motivations for nation-state TAs. Espionage and cyberwarfare are probably two of the most common motivations for this type of TA.
- User Error – None. They just made a mistake.
How to Protect Against All These Types of TAs?
The short answer = It depends upon which TA you’re trying to stop.
Long answer
- Insiders = Implement least privilege and a UEBA (User and Entity Behavior Analytics) solution
- Script Kiddies = Focus on implementing and maintaining good cyber best practices (e.g., don’t leave unnecessary ports open to the internet)
- User error = Anti-phishing, block USB storage devices, keep good backups
- Hacktivists and cyber terrorists = No one or two specific solutions. Security in layers
- Nation-states = Make sure you have a good IR team on retainer. Keep good backups. Test your DRP
Talk to the Podcasters!
Our podcasters love engaging with listeners! Please reach out via our web form (or by emailing podcast@venyu.com).